General

  • Target

    d64417efc2f9cdac087ed24241c32ea6e972024ee7a05b6c5f1a001fd3534e62

  • Size

    934KB

  • Sample

    231011-y1w4qscf45

  • MD5

    b8819997a74132370ddd92cc57a26969

  • SHA1

    23fd7702316f1c4a9a1e0b7a44a9fd96d21a911b

  • SHA256

    d64417efc2f9cdac087ed24241c32ea6e972024ee7a05b6c5f1a001fd3534e62

  • SHA512

    73160cc685a6165f2d7305006bae5b3dbd54499c94bbd09ea9d692466192e1dcb4daba868c05adbc761b08149a14d03f3e478a0f45a7ce498b879ac500e30c65

  • SSDEEP

    24576:FyJlmmXDP1rkCO5HOBS6lJ4LhYz8W135OF9wU:gJZ4RHkLYw13U

Malware Config

Extracted

Family

redline

Botnet

kendo

C2

77.91.124.82:19071

Attributes
  • auth_value

    5a22a881561d49941415902859b51f14
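The extracted RedLine configuration above is the actionable part of this report: the C2 endpoint and botnet tag are what a defender turns into network detection. The following Python, added here as an example and not part of the tria.ge report or of RedLine itself, parses that block (reproduced inline as constructed text in the page's own label/value layout), validates the C2 address, port and auth_value before trusting them, and emits a Suricata rule whose sid is derived deterministically from the sample's SHA256 so that regenerating the rule for the same sample yields the same id. The rule wording, the metadata keys and the local-sid scheme are assumptions; the family, botnet, C2 and auth_value are the report's own values.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed copy of the "Malware Config / Extracted" block from this report,
# kept in the plain-text layout the page uses (label, blank line, value).
EXTRACTED_CONFIG = """\
Family

redline

Botnet

kendo

C2

77.91.124.82:19071

Attributes
  • auth_value

    5a22a881561d49941415902859b51f14
"""

# SHA256 of the analysed sample, taken from the report's General section.
SAMPLE_SHA256 = "d64417efc2f9cdac087ed24241c32ea6e972024ee7a05b6c5f1a001fd3534e62"

LABELS = ("Family", "Botnet", "C2", "auth_value")


@dataclass(frozen=True)
class RedlineConfig:
    family: str
    botnet: str
    c2_host: str
    c2_port: int
    auth_value: str


def parse_extracted(text: str) -> RedlineConfig:
    """Parse the label/value layout and validate each field before use.

    Raises ValueError on a missing field, a malformed C2 address or port,
    or an auth_value that is not 32 lowercase hex characters.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    fields = {}
    for i, ln in enumerate(lines):
        label = ln.lstrip("• ").strip()
        if label in LABELS:
            # The value is the next non-empty line after the label.
            fields[label] = next((v for v in lines[i + 1:] if v), "")
    missing = [k for k in LABELS if not fields.get(k)]
    if missing:
        raise ValueError(f"missing config fields: {missing}")

    host, sep, port = fields["C2"].rpartition(":")
    if not sep:
        raise ValueError(f"C2 has no port: {fields['C2']!r}")
    ipaddress.ip_address(host)  # raises ValueError on a malformed address
    port_n = int(port)
    if not 1 <= port_n <= 65535:
        raise ValueError(f"C2 port out of range: {port_n}")
    if not re.fullmatch(r"[0-9a-f]{32}", fields["auth_value"]):
        raise ValueError("auth_value is not a 32-character lowercase hex string")
    return RedlineConfig(fields["Family"], fields["Botnet"], host, port_n, fields["auth_value"])


def local_sid(sha256: str) -> int:
    """Assumed local-sid scheme: 1,000,000 plus the first 24 bits of the sample
    hash, so the same sample always maps to the same rule id (range 1,000,000
    to 17,777,215, inside Suricata's 32-bit sid space)."""
    return 1_000_000 + int(sha256[:6], 16)


def suricata_rule(cfg: RedlineConfig, sha256: str) -> str:
    """Build a Suricata rule that alerts on outbound TCP to the extracted C2."""
    return (
        f"alert tcp $HOME_NET any -> {cfg.c2_host} {cfg.c2_port} "
        f'(msg:"{cfg.family.upper()} stealer C2 traffic (botnet {cfg.botnet})"; '
        "flow:to_server,established; classtype:trojan-activity; "
        f"metadata:sha256 {sha256}, auth_value {cfg.auth_value}; "
        f"sid:{local_sid(sha256)}; rev:1;)"
    )


if __name__ == "__main__":
    config = parse_extracted(EXTRACTED_CONFIG)
    print(config)
    print(suricata_rule(config, SAMPLE_SHA256))
```

The validation step matters more than it looks: config extractors occasionally emit truncated or garbage strings, and a blocklist or IDS rule built from an unparsed value will either never fire or fire on the wrong host. The auth_value is a per-build identifier, so it is carried only as metadata for pivoting between samples, not matched on the wire.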

Targets

    • Target

      d64417efc2f9cdac087ed24241c32ea6e972024ee7a05b6c5f1a001fd3534e62

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application (registry Run-key persistence, so the payload is relaunched at logon)

    • Suspicious use of SetThreadContext (the thread-context rewrite used by process-hollowing / RunPE loaders to redirect a suspended thread into injected code)

MITRE ATT&CK Enterprise v15

Tasks